Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unclassified_newsboard | unclassified_newsboard | 1.5.3 |
Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unclassified_newsboard | unclassified_newsboard | 1.5.3a |
| unclassified_newsboard | unclassified_newsboard | 1.5.3_patch3 |
| unclassified_newsboard | unclassified_newsboard | 1.5.3 |
| unclassified_newsboard | unclassified_newsboard | * |
| unclassified_newsboard | unclassified_newsboard | 1.6.1 |
Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related, but a different vulnerability than the ABBC[Config][smileset] parameter.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unclassified_newsboard | unclassified_newsboard | * |